Breaking SSL on embedded devices
Developers use embedded devices all the time, often without implementing security measures. When they do, they often rely on SSL. As revealed by the LittleBlackBox project there exists a collection of thousands of private SSL keys extracted from various embedded devices. These private keys are stored in a database where they are correlated with their public SSL certificates as well as the hardware/firmware that are known to use those SSL keys.
As summarized by Embedded Device Hacking, “That means that if Alice and Bob are both using the same router with the same firmware version, then both of their routers have the same SSL keys. All Eve needs to do in order to decrypt their traffic is to download the firmware from the vendor’s Web site and extract the SSL private key from the firmware image.”
Interesting.This entry was posted in hacks, reversed, security, utilities and tagged embedded devices, SSL.